Users and Roles

Users and Roles

The Users and Roles tab (screenshot below) has four sub-tabs. These sub-tabs work together to enable user accounts to be administered. User accounts can be set up and configured for privileges, and summaries of accounts and privileges can be viewed in the Reports sub-tab. See the sub-sections for detailed descriptions.

A user is defined by a name-and-password combination. Users access MobileTogether Server in two ways:

•

Web UI access: The Web UI is the administrative interface of MobileTogether Server. Logging in to the Web UI requires a name-and-password combination; it is therefore done as a user.

•

Service interface: The HTTP service interface exposes MobileTogether Server services, typically to the MobileTogether Client app on a mobile device. A user accesses the service interface by using a name-and-password combination. The services exposed relate typically to access to MobileTogether solutions and their related data.

Two special users are predefined:

root

root is the initial administrator user. It is initially the most powerful user, having all privileges and having the ability to add other users and to set roles. Its initial name-password combination is: root-root. The password can be changed at any time.

anonymous

anonymous is an account for anonymous users that access services exposed via the HTTP service interface. It cannot be used for logging in to the Web UI, and it has no initial password.

A privilege is an activity that a user is allowed to carry out. There is a fixed number of MobileTogether Server privileges, and a user can be assigned zero to all of the available privileges. It is, however, good practice to assign privileges via roles (see next section), rather than to assign privileges directly to the user. The assigning of privileges and roles to a user is done by a user that has been assigned this privilege. Initially, it is root user that has this privilege.

A role defines a set of privileges. It can be assigned to another role or to a user. A role's privileges automatically become the privileges of any other role or any user that the role is assigned to. A user can be assigned any number of roles. As a result, a user will have all the privileges defined in the multiple assigned roles.

The following roles are predefined:

•

authenticated is automatically assigned to every user exceptanonymous. So a user with a name-and-password is assigned the authenticated role.

•

all is automatically assigned to every user including anonymous.

•

workflow-designer is assigned to users that design workflows in MobileTogether Designer. This role allows a user to open and save workflows, as well as to run a simulation on the server.

•

workflow-user is assigned to users running the workflow on a mobile device. This role allows the user to access the service interface without needing to log in to the server and start the solution on the client.

•

admin has all available privileges and is intended for users that are to function as administrators.